GreyNoise

GreyNoise Documentation Hub


Improve Analyst Efficiency

Use Case: Improve Analyst Efficiency

GreyNoise’s internet background noise and RIOT (Rule It Out) datasets help analysts minimize resources wasted on investigations into irrelevant events. This data can be integrated with a SIEM to quickly enrich events, a SOAR to automate workflows and incident response, or a TIP as an investigation resource. Events associated with IPs in the GreyNoise noise dataset can be deprioritized, as they are likely associated with opportunistic internet scan and attack traffic, not targeted reconnaissance. IPs in the RIOT dataset are associated with common benign services such as business applications, update services, or public DNS and are very unlikely to pose a threat.

Scenario 1: SIEM Integration

GreyNoise is integrated into a SIEM application and external IPv4 addresses are automatically looked up to determine if GreyNoise has observed noise from the IP. This information is appended to the log so it can be presented to other tools and analysts.

Enrich events in Splunk to limit events from creating unnecessary alerts

Scenario 2: SOAR Integration

GreyNoise is integrated into a SOAR application. All incidents from the perimeter are queried against GreyNoise and, based on defined rules, incident severity is adjusted.

Enrich alerts in XSOAR to modify the severity based on GreyNoise insights.
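
The lookup-and-append step from Scenario 1 and the rule-based severity adjustment from Scenario 2, shown as an added example that is not GreyNoise, Splunk or XSOAR code. The `LOOKUP` table is a constructed stand-in for GreyNoise results, and the event field names (`src_ip`, `severity`, `gn_noise`, `gn_riot`) and the two severity rules are hypothetical.

```python
import ipaddress

# Constructed stand-in for GreyNoise lookup results; a real integration would
# query GreyNoise here. The "noise" and "riot" field names are assumptions.
LOOKUP = {
    "198.51.100.7": {"noise": True, "riot": False},
    "203.0.113.53": {"noise": False, "riot": True},
}
# Explicit internal ranges. The sample IPs are documentation addresses, which
# ipaddress.is_private would also flag, so is_private is not used here.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
LEVELS = ["low", "medium", "high", "critical"]

def external_ipv4(value):
    """Return an IPv4Address for external addresses, else None."""
    try:
        ip = ipaddress.IPv4Address(value)
    except ValueError:  # hostname, IPv6 or malformed field
        return None
    return None if any(ip in net for net in INTERNAL) else ip

def enrich(event):
    """Append lookup results to a copy of the event and adjust its severity."""
    out = dict(event, gn_noise=None, gn_riot=None)
    ip = external_ipv4(event.get("src_ip", ""))
    if ip is None:
        return out  # not looked up; severity untouched
    hit = LOOKUP.get(str(ip), {"noise": False, "riot": False})
    out["gn_noise"], out["gn_riot"] = hit["noise"], hit["riot"]
    idx = LEVELS.index(event["severity"])
    if hit["riot"]:
        out["severity"] = LEVELS[0]  # common benign service
    elif hit["noise"]:
        out["severity"] = LEVELS[max(idx - 1, 0)]  # opportunistic scan traffic
    return out  # no hit: severity stays as the detection set it

# Constructed sample events.
EVENTS = [
    {"src_ip": "198.51.100.7", "severity": "high"},
    {"src_ip": "203.0.113.53", "severity": "medium"},
    {"src_ip": "192.0.2.99", "severity": "high"},
    {"src_ip": "10.1.2.3", "severity": "high"},
]

if __name__ == "__main__":
    for e in EVENTS:
        print(enrich(e))
```

Events whose source IP is internal or unparseable keep `gn_noise` and `gn_riot` as `None`, which lets downstream rules tell "not looked up" apart from "looked up, no hit".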

Scenario 3: TIP Integration

GreyNoise is integrated into a TIP application. All incidents from the perimeter are queried against GreyNoise and, based on defined rules, incident severity is adjusted.

Enrich observables in ThreatStream to help analysts know which to deprioritize.

Updated 4 months ago

